AccessEvade Detection & Defenses
How do you access the world’s best threat intelligence? Simple: By combining the world’s top sources of your choice to collaborate in real time.
Ideal for Home and Small Business
We understand that not everyone wants the level of protection that a full adam:ONE? ZTc node provides. It is for that reason that we decided to make it easy and accessible for families and small business owners that would like to apply Security, Privacy, Productivity Enhancement and Content protection at a minimal cost.
Choose from the basic Home package aimed at simplicity and family use, or the Professional package that is geared towards SMB commercial applications.
DNSharmony? is available as a self installable package for pFsense and ASUS Merlin WRT. The option for buying a pre-installed router for Home or Business use will be offered soon.
Enhanced Security.
Threat intelligence aggregation. Combine the protection of multiple sources. Block all known malicious domains. No endpoint software installation required. Protect all IoT or any device while connected to your network, regardless of operating system or device type.
Protection against harmful content.
Enforce Safe Search and Google / YouTube Safe Modes Block any unwanted domain.
Enhanced Privacy.
Block trackers and ads.
Productivity Enhancement.
Provide focus in work or school environments by blocking all distractions, social media or entertainment. Set Schedules to limit access to distractions.
DNSharmony? is an ADAMnetworks? Technology element that functions inside adam:ONE?. It allows for using multiple protective DNS resolvers via aggregation. Feedback on which policy or upstream resolver triggered a block is noted in your running log and you can assign custom policies to individual devices or groups of devices.
As part of adam:ONE? ZTc deployment, DNSharmony? is used as a DNS intelligence aggregation layer for adam:ONE? offering powerful customization. For those not yet ready for the security value of a Zero Trust connected environment, DNSharmony? could be used as the primary filtering technology to protect against known threats and harmful content.
Best of all, there is a free version of DNSharmony? that is aimed at researchers and tech nerds that want to apply it for non-commercial personal use. This way you get to try us out to see if you like us and our products.
DNSharmony? allows you to have the following key wins for your network:
Resilience: Redundant DNS resolution facilitates resilience in the case that an upstream resolver is down.
DNS Intelligence aggregation: Combine multiple intelligence sources to greatly increase the effective value of your DNS filtering decisions, no matter what your aim with filtering is.
Device Agnostic Protection: Because adam:ONE? functions out of band, protection can be applied to any device connected to your network. No endpoint agent required. IoT and Smart Device friendly.
Visibility: adam:ONE? facilitates an internal real time log of all traffic filtering decisions.
Productivity: Increase productivity and reduce your attack surface by applying schedules.
Privacy: Block Trackers and third party ads per policy.
Security: Block all known malware and security threats that use DNS as part of the attack vector. By combining multiple intelligence sources, you greatly increase effectiveness.
Content Protection: Block all known harmful content destinations and enforce Safe settings on Compatible Search engines (Brave, Google, Bing & Duck Duck Go) + YouTube.
Per device / per group policy assignment: Assign policies per device and have full visibility to all devices connected to your network.
DynDNS: Facilitate Dynamic DNS through the adam:ONE? muscle.
SIEM integration: As an enterprise, you can integrate into SIEM to provide a running log of all traffic filtering decisions and enrich the inputs with all DNS requests from your network. Enjoy powerful DNS intelligence analysis with multiple vendors.
AD integration: Assign policies by AD integration.
Flexible Layers: adam:ONE? can operate at layer 3 or layer 2. In deployments where every endpoint is layer2-visible to adam:ONE, additional value is created by real-time device inventory and automated policy assignment on a per-network basis.
The result of default gateway-based forced DNS is security and convenience without easy circumvention of your policies by an endpoint. The below example shows Google SafeSearch being forced no matter whom you ask.
| Protective DNS | DNS Server IPv4 | DNS Server IPv6 | Blocked Destinations | Blocked Answers |
|---|---|---|---|---|
| Quad9 | 9.9.9.9 149.112.112.112 | 2620:fe::fe 2620:fe::9 | Malware as identified by aggregate vendors | NXDOMAIN |
| Cisco Umbrella | 208.67.220.220, 208.67.222.222 | 2620:119:35::35 2620:119:53::53 | Selectable Categories to Block | OpenDNS block IP range |
| CleanBrowsing | 185.228.168.168 185.228.169.168 | 2a0d:2a00:0001:: 2a0d:2a00:0002:: | Safe for kids under 13, including Safety YouTube | NXDOMAIN |
| Cloudflare (No Malware) | 1.1.1.2 1.0.0.2 | 2606:4700:4700::1112 2606:4700:4700::1002 | Malware known to Cloudflare | 0.0.0.0 |
| Cloudflare (No Malware or Adult Content) | 1.1.1.3 1.0.0.3 | 2606:4700:4700::1113 2606:4700:4700::1003 | Malware and Harmful Content known to Cloudflare | 0.0.0.0 |
| Control D - Malware | 76.76.2.1 76.76.10.1 | 2606:1a40::1 2606:1a40:1::1 | Malware by threat intelligence feeds | 0.0.0.0 |
| Control D - Family Friendly | 76.76.2.4 76.76.10.4 | 2606:1a40::4 2606:1a40:1::4 | Malware, Ads, Tracking, Adult Content, Drugs | 0.0.0.0 |
| Comodo Secure DNS | 8.26.56.26 8.20.247.20 | - | Parked and malware domains | 52.15.96.207 |
| DNS Filter* | 103.247.36.36 103.247.37.37 (and more for alternate profiles) | - | Adult Content | 45.253.131.236 |
| Webroot* | 45.54.50.50 45.54.50.51 | - | Selectable categories to block | 35.199.56.164 |
Distributed sinkholing also has the advantage of being local traffic only, thereby faster and consuming no WAN bandwidth at all. Blocked destinations are also not observable to the ISP.
See our terms of use for details on how your DNS information is anonymized. DNSharmony? is also DNSSEC-aware, meaning your DNSSEC queries are honored and remain secured in transit. (adam:ONE? ZTc application of DNSharmony? includes full compatibility with DoH, DoQ and DoT. )
| DNSharmony? Community | US $0/mo | Personal | Non commercial use only |
| DNSharmony? Home | US $9.99/mo | Home use only |
| DNSharmony? Professional | US $99.99/mo | SMB use |
A security ecosystem designed from first-principles on a Zero Trust philosophy.
This True Proactive approach proves to be immune against advanced attacks (such as the Solar Winds breach and Pegasus etc.) by killing attacks BEFORE they were able to execute and BEFORE they were detected by the world’s best current SASE solutions.
Yes. Zero Trust is possible on Layer2. And the consequence of this true-proactive technology is a breath of fresh air amidst the fog of legacy reactive systems that only gets you halfway there.
adam:ONE? is a ZeroTrust connectivity (ZTc) solution made practical by use of AI and stacking additional technologies such as DTTS? egress control and DNSharmony? threat intelligence aggregation.
At the core is a highly optimized DNS caching resolver. It operates in a hybrid Muscle-Brain configuration. While the Muscle is distributed on-premise or in your cloud edge networks, the Brain is centralized. This allows the performance and resilience of decentralized operation, while maintaining the benefit of centralized control. Additionally, custodial protection remains distributed to each node to eliminate the single-point-of-failure risks associated with cloud-only based solutions.
By operating out-of-band, protection is achieved without the need of any endpoint software installed on these assets. This allows for the protection of the myriad of IoT devices and all vulnerable control technologies used in critical infrastructure.
Full Layer2 visibility is achieved and facilitates automated device inventory. Default deny-all treatment for each asset is standard, making a true ZT posture an automatic benefit.
Individual policies with flexible rules can be applied per asset or group on a permanent or scheduled basis, as needed.
Seamless integration with 802.1X facilitates user based authentication and automated policy assignment. Additionally hardware based authentication for devices not compatible with human friendly authentication are used as default, extending your Zero Trust posture even to legacy devices in real-life environments.
Shadow IT is easily eliminated in the ZTc environment of adam:ONE?. Since all connections are denied by default, only assets and services approved by the security admin will continue to operate.
Multiple adam:ONE? elements are stacked in the adam:ONE? ecosystem to allow immense flexibility to the security admin.
Solving the design failures of legacy DNS based firewalls by implementing Don’t talk to strangers (DTTS)?, all leaks by direct IP connections are prevented. This allows for effective ZTc protection by DNS without the need to use any centralized proxies and without the need to break encryption. This is a huge win for security and privacy.
DTTS? also provides dynamic egress control that prevents circumvention, breaks C2 connections, and eliminates Data Exfiltration channels.
The default deny-all connection posture of ZTc is made practical by automated dynamic allow-listing powered by AI. ZTc Adaptive AI and ZTc Reflex AI provide two flavors to find the perfect balance between UX convenience vs. the hardness of your security posture. It is now practical to reduce your attack surface to Near Zero (7000:1) while maintaining a productive work environment for all your assets.
With ZTc policies of adam:ONE?, only connections requested by the verified user and verified to be safe are dynamically allowed - all others are denied by default. This practically resolves Human Factor risks by eliminating all phishing vectors. (Including spear phishing and smishing on mobile devices)
With DNSharmony?, security admins can choose to aggregate the Threat Intelligence Sources of their choice at the Muscle. The aggregated result provides both enhanced security, and resilience for mission critical operations in case of an outage with their primary DNS resolver.
Edge Application is flexible: The adam:ONE? Muscle can be baked natively into the OS of a device; be deployed at the network edge; live as a node in the cloud; forced onto mobile assets via secured tunnel; or applied at carrier level via dedicated APN. It could also be inserted mid-stream as a bridge device to augment current security frameworks without the need to displace existing infrastructure.
Build your adam:ONE? stack just the way you want it. The adam:ONE? caching resolver is a fully customizable technology platform. Multiple modules are combined to build your security stack just the way you want it.
Free or Commercial license. SEE MORE
The net result is preventing all C2 malware that use direct outbound connections as part of the attack vector from executing. As well as providing immunity against data extortion by preventing exfiltration of data from the protected network.
Allowed connections are automatically added to the dynamic allowlist and assets verified to the same node have access to connections from the same list. The same rule could be shared between other subscribed adam:ONE? nodes. This dynamic rule can be maintained by AI verification, or collapsed by temporal triggers once the need for access expired.
Primarily used for protecting HVAs with emphasis on mission critical security.
This eliminates the delay associated with ZTc Adaptive AI between connection requests and verification, as decisions are done on a real time reflex basis of the Reflex Policy. Conflict resolutions between overlapping categorizations are also handled by preset preferences for the specific reflex policy.
Primarily used for protecting HVAs with emphasis on fast human experience.
UBA allows assets to be authenticated by user vs hardware, and allows for policy assignments to automatically apply to the verified user.
The net result: Immunity to Pegasus Forced Entry* and other APTs are achieved via the ZeroTrust connectivity established through DTTS? and ZTc Adaptive AI Allowlisting of adam:ONE? in a dedicated cloud exit. *(This was achieved even before the threat became known).
adam:ONE? is a SASE solution based on design from First Principles. It allows for flexible edge deployment that can travel with the device. Amongst a myriad of wins for security admins that want a practical Zero Trust posture, some of the core elements that make it unique are:
Re-shape the posture of the entire Internet to Zero Trust for any asset, one connection at a time.
adam:ONE? functions in a hybrid Muscle-Brain configuration. The Muscle is distributed to the network edge and executes decisions on “muscle memory”, while the Brain is a centralized cloud controller that trains the muscle on new instructions.
This allows the performance and resilience of decentralized operation, while maintaining the benefit of centralized control.
Custodial protection remains distributed to each node and thus eliminates the single-point-of-failure and performance bottlenecks associated with cloud-only solutions.
Stop trying to keep track of what is bad. We all lost that battle years ago. It is time to use threat intelligence proactively by keeping track of what is good.
If the security technology you’re implementing requires detection, it is reactive and you cannot establish a true-proactive security posture. Real Time Detection is not fast enough. You’ve already been breached.
ZTc denies all connections unless 1. Requested by an authenticated asset and 2. Verified as safe to that asset requesting that connection as based on a customized policy.
Don’t Talk to Strangers (DTTS)? is a patented technology that solves the fundamental design flaw of TCP/IP (that was not based on principles of security, but optimization). It does so without the need to alter any protocol, by creating an edge that denies all connections to an asset, unless verified by DNS lookup and approved by the policy applied.
How do you guarantee the best threat intelligence in the world? By aggregating the best with the second, third, fourth, and N-th best of your choice right at the connection edge. With DNSharmony? the power of unity is now under your control.
| Plan | Community* | Home | Professional | ZTc SMB | ZTc Enterprise | |
|---|---|---|---|---|---|---|
| Posture | Enhanced Reactive | True Proactive | ||||
| Technology Stack Type | Threat Intelligence Aggregation only | Full ZTc | ||||
| Requires to be managed and monitored | No | No | No | |||
| MSRP starting at USD | $0 | $9.99/m | $99.99/m | Quoted | Quoted | |
| SLA and Monitoring | | Optional | |||||
| Requires LTP | No | No | No | |||
| Max Devices / Plan | 100 | 100 | 1,000 | 2,500 | Unlimited | |
| ADAM Supplied Support Options | - Community Forum | - Community Forum |
|
|
|
|
| License for Commercial Use | ||||||
| Policies | ||||||
| Number of policies | Single | Many | Many | Many | Many | |
| Blocklist Type (Reactive) | ||||||
| ZTc (Default Deny All) | ||||||
| Schedule | ||||||
| No Internet | ||||||
| Unfiltered | ||||||
| Rules / Lists / Resolvers | ||||||
| Blocklist Rules (built-in) | ||||||
| Blocklist Rules (custom) | ||||||
| DNSharmony? (multiple policies) from pre-built options | ||||||
| DNSharmony? (custom resolvers) | ||||||
| DNSharmony? (Umbrella Integration) | ||||||
| Post Rule Processors | Single | Multiple | Multiple | Multiple | Multiple | |
| DNSharmony? Customization | Select from Preset Resolvers only | Customize Resolvers to include other 3rd party | ||||
| Allowlist Rules | ||||||
| Authoritative Rules | ||||||
| Subscription (Central Verified/managed lists) | ||||||
| Subscription LTP Premium Rules | ||||||
| AI Dynamic Smart Rules | ||||||
| Subscribe to user-shared Rules | ||||||
| Share Rules for Subscription | ||||||
| Forwarding Rules (including AD integration) | ||||||
| Technology Features | ||||||
| DTTS? | Restricted Enablers | |||||
| DTTS? Enablers - Preset | ||||||
| DTTS? Enablers - Custom | ||||||
| Adaptive AI? | ||||||
| Reflex AI? | ||||||
| High Availability | ||||||
| DynDNS (2my.network) | ||||||
| MyTools secured | ||||||
| DNS Encryption (internal DoH, DoT) | ||||||
| Integrations (SIEM, 802.1X, etc) | ||||||
| Reporting | ||||||
| Hardware | ||||||
| LTP-supplied hardware | Optional | Optional | ||||
| If LTP-supplied, must be HA | Optional | |||||
| DIY hardware/hypervisor | Optional | Optional | ||||
| If DIY, must be HA | Optional | |||||
| ADAM-supplied hardware | Optional | Optional | ||||
| If ADAM-supplied must be HA | Optional | |||||
| DIY users Installable | LTP only | LTP only | ||||
| Small | Medium Business | Number of Endpoints |
|---|---|
| SMB | up to 2500 |
| Enterprise | Number of Endpoints |
| Small | Up to 5,000 |
| Medium | Up to 10,000 |
| Large Enterprise | Up to 50,000 |
| Extra Large | Over 50,000 |
Need help? Jump to our knowledgebase or our forum to join the community of like-minded security professionals.
Send us a message and we will get back to you.
We understand that any technology can be used by different entities with intent that goes against the primary aims of the developer. It is for this reason that we delineate clearly between what our technologies may be used for and what it may not.
By adhering to these ethical standards, ADAMnetworks? seeks to ensure that our technology remains a positive force, dedicated to the protection of people and their systems as they live and interact online.
